This shows you the differences between two versions of the page.
| middleware:ed:edid [2009/10/07 17:17] 127.0.0.1 external edit | middleware:ed:edid [2009/10/14 11:20] (current) dhawes link changes for the VT CA | ||
|---|---|---|---|
| Line 56: | Line 56: | ||
| ==== Q: How do I see data in ED-ID? ==== | ==== Q: How do I see data in ED-ID? ==== | ||
| - | A: What you see in ED-ID is dependent on how you bind (anonymous, simple, SASL EXTERNAL) and the amount of privileges the bound user has. Connecting to ED-ID requires the use of TLS client certificate authentication, meaning you must have a signed certificate from the [[http://vtmwra.eprov.iad.vt.edu|Virgina Tech Middleware CA]] in order to connect. Users bound anonymously can only search on uupid and can only see the DN (distinguished name) of any user. Users that have performed a simple bind as themselves (PID/pass) can only see their own objectclass, uupid, uid, and eduPersonAffiliation(s). Users that have performed a SASL EXTERNAL bind can only see those attributes they have been approved to see (for all users), and only if the corresponding service is ACTIVE. | + | A: What you see in ED-ID is dependent on how you bind (anonymous, simple, SASL EXTERNAL) and the amount of privileges the bound user has. Connecting to ED-ID requires the use of TLS client certificate authentication, meaning you must have a signed certificate from the [[http://www.pki.vt.edu/subscriber/vt_middleware_cert.html|Virgina Tech Middleware CA]] in order to connect. Users bound anonymously can only search on uupid and can only see the DN (distinguished name) of any user. Users that have performed a simple bind as themselves (PID/pass) can only see their own objectclass, uupid, uid, and eduPersonAffiliation(s). Users that have performed a SASL EXTERNAL bind can only see those attributes they have been approved to see (for all users), and only if the corresponding service is ACTIVE. |
| ==== Q: What is a client certificate? ==== | ==== Q: What is a client certificate? ==== | ||
| - | A: A client certificate is an X.509 certificate that is used for authentication during TLS negotiation. A client certificate signed by the [[http://vtmwra.eprov.iad.vt.edu|VT Middleware CA]] is required to connect to ED-ID. | + | A: A client certificate is an X.509 certificate that is used for authentication during TLS negotiation. A client certificate signed by the [[http://www.pki.vt.edu/subscriber/vt_middleware_cert.html|VT Middleware CA]] is required to connect to ED-ID. |
| ==== Q: What is SASL? ==== | ==== Q: What is SASL? ==== | ||
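Review bot: On the "+" line of the "How do I see data in ED-ID?" answer, the link text still reads "Virgina Tech Middleware CA". Since this line is being edited anyway, correct it to "Virginia", or use "VT Middleware CA" as the other changed answers do, so the CA is named the same way throughout the page.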
| Line 74: | Line 74: | ||
| ==== Q: What is the VT Middleware CA? ==== | ==== Q: What is the VT Middleware CA? ==== | ||
| - | A: The [[http://vtmwra.eprov.iad.vt.edu|VT Middleware CA]] is a subordinate CA of the [[http://www.pki.vt.edu|VT Root CA]] that signs ED-ID service certificates. To connect to ED-ID you need a client certificate signed by this Certification Authority. | + | A: The [[http://www.pki.vt.edu/subscriber/vt_middleware_cert.html|VT Middleware CA]] is a subordinate CA of the [[http://www.pki.vt.edu|VT Root CA]] that signs ED-ID service certificates. To connect to ED-ID you need a client certificate signed by this Certification Authority. |
| ==== Q: What attributes can a service see? ==== | ==== Q: What attributes can a service see? ==== | ||
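Review bot: The new VT Middleware CA target on the "+" line is still a plain http:// URL, as is the unchanged VT Root CA link next to it. This answer tells readers which authority their client certificate must be signed by, so the page that identifies that CA should be reached over a channel that cannot be altered in transit. Switch both links to https:// if www.pki.vt.edu serves it.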
| Line 95: | Line 95: | ||
| ==== Q: Where do I get my certificate for ED-ID? ==== | ==== Q: Where do I get my certificate for ED-ID? ==== | ||
| - | A: Signed certificates are available for download from the [[http://vtmwra.eprov.iad.vt.edu|VT Middleware CA]]. | + | A: Signed certificates are available for download from the [[http://www.pki.vt.edu/subscriber/vt_middleware_cert.html|VT Middleware CA]]. |
| ==== Q: How long is my certificate valid? ==== | ==== Q: How long is my certificate valid? ==== | ||
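Review bot: The "+" line of "Where do I get my certificate for ED-ID?" keeps the wording "available for download from" while the link now points at a single page, /subscriber/vt_middleware_cert.html, instead of the old host root. Confirm that this page actually offers the certificate request or download step. If it only describes the CA, reword the answer so readers know where the signed certificate itself is obtained.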